Impact
Improper access control in the PCTCore64.sys Windows kernel driver of Symantec PC Tools Internet Security allows a user‑mode process to access privileged IOCTL handlers through the driver’s WDM device interface. Because the driver does not enforce proper permissions, a local attacker can invoke privileged commands that bypass normal Windows kernel security checks, enabling the attacker to execute arbitrary operations with kernel‑level privileges. This flaw directly facilitates the acquisition of full system control.
Affected Systems
Symantec PC Tools Internet Security contains the vulnerable PCTCore64.sys driver. No vendor‑specified version numbers were provided, so any installation of the PC Tools Internet Security suite that includes this driver may be affected. Users should verify whether the driver is present by checking the installation directory for PCTCore64.sys.
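A host check for the driver described above, as an added PowerShell example that is not part of the original advisory. The advisory does not give the installation path, so the search roots (the system driver directory and both Program Files trees) are assumptions; adjust them for non-default installs.

```powershell
# Added example: inventory a host for the PCTCore64.sys driver named in the advisory.
# Assumption: the search roots below; the advisory does not state the install path.
$DriverName  = 'PCTCore64.sys'
$SearchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Kernel driver services whose image path ends in the driver file name.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$DriverName" })

# 2. Copies of the file on disk, registered as a service or not.
$files = foreach ($root in $SearchRoots) {
    Get-ChildItem -LiteralPath $root -Filter $DriverName -File -Recurse -ErrorAction SilentlyContinue
}

# 3. Merge both sources (strip the NT "\??\" prefix some service paths carry).
$paths = @($files | ForEach-Object { $_.FullName }) +
         @($services | ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' }) |
    Where-Object { $_ } | Sort-Object -Unique

# 4. One record per copy: version, signer, hash, and whether it is loaded.
$report = foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $p
    $svc = $services |
        Where-Object { $_.PathName.EndsWith($p, [StringComparison]::OrdinalIgnoreCase) } |
        Select-Object -First 1
    [pscustomobject]@{
        Path        = $p
        FileVersion = (Get-Item -LiteralPath $p).VersionInfo.FileVersion
        Signer      = $sig.SignerCertificate.Subject
        SigStatus   = $sig.Status
        SHA256      = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        Service     = $svc.Name
        State       = $svc.State      # 'Running' means the driver is loaded
        StartMode   = $svc.StartMode
    }
}

if ($report) { $report | Format-List }
else { "No $DriverName found under: $($SearchRoots -join ', ')" }
```

A copy that is on disk but has no running service is still worth recording, since the advisory counts loading the driver as part of the attack path.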
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. Exploitation requires local access to load or interact with the driver; no known exploitation is reported and the vulnerability is not listed in CISA KEV. An attacker needs some user privileges to be able to load the driver or call its IOCTL interface, after which the vulnerability can be abused to perform privileged actions. Although the attack surface is limited to systems running the vulnerable driver, the impact of successful exploitation is complete control of the machine.
OpenCVE Enrichment